RESOLVED FIXED 44176
WebCore::createFragmentFromMarkup ReadAV@NULL
https://bugs.webkit.org/show_bug.cgi?id=44176
Summary WebCore::createFragmentFromMarkup ReadAV@NULL
Berend-Jan Wever
Reported 2010-08-18 07:32:32 PDT
Created attachment 64708: Repro

The following repro causes a NULL pointer crash in latest Chromium:

    <body onload="
      document.designMode='on';
      document.execCommand('selectall');
      document.execCommand('InsertLineBreak');
      document.open();
      document.execCommand('Undo');
      document.execCommand('InsertHTML', false, 'x');
    ">

id: WebCore::createFragmentFromMarkup ReadAV@NULL (0aeb58d38090b34986cfab3dd85965ec)
description: Attempt to read from NULL pointer in WebCore::createFragmentFromMarkup
stack:
    WebCore::createFragmentFromMarkup
    WebCore::executeInsertHTML
    WebCore::Editor::Command::execute
    WebCore::Document::execCommand
    WebCore::DocumentInternal::execCommandCallback
    v8::internal::HandleApiCallHelper<...>
    v8::internal::Builtin_HandleApiCall
    v8::internal::Invoke
    v8::internal::Execution::Call
    ...
Attachments
Repro (227 bytes, text/html)
2010-08-18 07:32 PDT, Berend-Jan Wever
no flags
Eric Seidel (no email)
Comment 1 2010-08-18 08:39:31 PDT
I suspect this is related to the document.close() bug. :)
Eric Seidel (no email)
Comment 2 2010-08-18 08:42:53 PDT
The document.close() bug is bug 43055.
Tony Gentilcore
Comment 3 2010-08-18 08:43:09 PDT
Yeah, it looks identical. Want to add this test case to your 43055 patch and then mark this as a dup?
Berend-Jan Wever
Comment 4 2010-09-29 12:10:28 PDT
This no longer crashes latest Chromium and the suspected duplicate was fixed, marking as fixed.